search
githubEdit

Tools

hashtag
Tools

Highly inspired by The Bug Hunter’s Methodology Jason Haddix @jhaddixarrow-up-right.

hashtag
Seeds/Roots

hashtag
ASN Enumeratiom

  • bgp.he.net

  • Asnlookup

  • Metabigor

hashtag
Reverse WHOIS

  • whoxy.com

  • DOMLink

hashtag
Ad/Analytics Relationships

hashtag
Google-Fu

  • Copyright text

  • Terms of service text

  • Privacy policy test

hashtag
Subs

hashtag
Linked and JS Discovery

  • Burp Suite Pro (or ZAP Proxy?)

  • GoSpider

  • hakrawler

  • Subdomainizer

  • subscraper

hashtag
Subdomain Scraping

hashtag
Subdomain Bruting

Wordlists

  • all.txt

  • AssetNote -> commonspeak2

hashtag
Favicon Analysis

  • favfreak

hashtag
Port Analysis

  • Nmap

  • masscan (faster than Nmap)

  • dnmasscan

  • Brutespray

hashtag
GitHub Dorking

  • github-search

hashtag
Screenshotting

  • Aquatone

  • Eyewitness

  • httpscreenshot

  • WitnessMe

hashtag
Subdomain takeover

  • can-i-take-over-xyz

  • Nuclei

  • SubOver

hashtag
Automation++

  • interlace

  • Tools by TomNomNom (eg httpprobe, mage)

hashtag
Frameworks

hashtag
S-Tier

hashtag
A-Tier

hashtag
B-Tier

hashtag
C-Tier

hashtag
MISC (to be cleaned up)

  • WebScarab

  • Recon-ng

  • GitRob

  • CyberChefarrow-up-right

  • OnlineHashCrack.com

  • idb

  • Wireshark

  • Bucket Finder

  • Race the Web

  • Google Dorks

  • JD GUI

  • Mobile Security Framework

  • Ysoserial

PreviousPlatforms

Last updated